For consumers
GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

By Thierry Gagnon

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies.

Related: Satya Nadella calls for facial recognition regulations

Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember. That all changed rather quickly.

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials. Not only are passwords vulnerable to brute force attacks, but they can also be easily forgotten and reused across multiple accounts.

They are simply not good enough. The sudden inadequacy of passwords has prompted broad changes to how companies must create, store, and manage them. The problem is these changes have made the user experience more convoluted and complicated.

GUEST ESSAY: 7 tips for protecting investor data when it comes to alternative asset trading

By Brian Nadzan

When it comes to alternative asset trading, protecting investor data is of critical importance.

Related: Preserving the privacy of the elderly

As more traders and investors engage in these investment avenues, it is crucial to adopt robust security measures to safeguard sensitive and regulated information. Here are seven tips to protect investor data in alternative asset trading.

• Conduct regular penetration testing. Regular and thorough penetration testing is crucial for identifying vulnerabilities within trading systems. By engaging third-party experts to simulate real-world attacks, companies can proactively uncover potential weaknesses and address them promptly.

Penetration testing provides valuable insights into a system’s security posture, allowing companies to fortify their defenses and protect investor data from malicious actors.

• Foster collaborative partnerships. Having access to a partner focused on cybersecurity brings fresh perspectives and allows for an unbiased evaluation of the systems in use. These partnerships strengthen a security posture by leveraging the expertise of professionals who specialize in identifying vulnerabilities and suggesting remediation strategies. By working together, a robust cybersecurity framework can be established to protect investor data.

• Employ real-time antivirus scanning. Implement a multi-layered approach to protect against potential threats. By using real-time antivirus scanning to detect and neutralize

MY TAKE: ‘IOWN’ makes the business case for fostering diversity, respecting individual privacy

By Byron V. Acohido

To tap the full potential of massively interconnected, fully interoperable digital systems we must solve privacy and cybersecurity, to be sure.

Preserving privacy for a greater good

But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law.

After 30 years, we’ve reached the end of Moore’s Law, which states that the number of transistors on a silicon-based semiconductor chip doubles approximately every 18 months. In short, the mighty integrated circuit is maxed out.

Last spring, I attended NTT Research’s Upgrade 2023 conference in San Francisco and heard presentations by scientists and innovators working on what’s coming next.

I learned how a who’s who list of big tech companies, academic institutions and government agencies are hustling to, in essence,

FIRESIDE CHAT: Outrageous phone bills stun businesses targeted for ‘SMS toll fraud’

By Byron V. Acohido

SMS toll fraud is spiking. I learned all about the nuances of deploying – and defending against – these insidious attacks in a recent visit with Arkose Labs CEO, Kevin Gosschalk, who explained how the perpetrators victimize businesses that use text messages to validate phone users signing up for a new account.

Related: Countering Putin’s weaponizing of ransomware

The fraudsters set themselves up as “affiliates” of phone companies in Indonesia, Thailand and Vietnam and then use bots to apply for online accounts, en masse, at a targeted business. The con: each text message the business then sends in return — to validate the applicant — generates a fee for the phone company, which it shares with the affiliate.

This fraudulent activity usually remains undetected until the business receives a bill for an unusually high number of

News Alert: ThriveDX’s Cyber Academy for Enterprise meets talent shortage, promotes inclusion

Miami, Fla. – June 20, 2023 – ThriveDX, the leader in cybersecurity and digital skills training, today announced the official launch of its new Cyber Academy for Enterprise. This innovative solution, part of the company’s Human Factor Security suite, empowers organizations to reskill and upskill employees for cybersecurity positions while also attracting diverse external candidates, simultaneously addressing the growing talent and diversity gaps in the cyber industry.

Cyber Academy for Enterprise is more than a cybersecurity training program – it’s a complete solution that enables businesses and government agencies to cultivate their internal talents while simultaneously attracting diverse external candidates for cybersecurity positions.

Designed for an end-to-end cybersecurity learning journey, the program offers pre-training screening, intensive training, and post-training matching to facilitate an efficient talent acquisition and development process.

“The cybersecurity talent shortage and lack of diversity is one of the biggest challenges of human resources and cybersecurity leaders. Effective reskilling of employees demands considerable investment, and recruiting diverse talent requires a comprehensive understanding of

My Take: Russian hackers put the squeeze on U.S. agencies, global corps in MOVEit-Zellis hack

By Byron V. Acohido

It was bound to happen. Clop, the Russia-based ransomware gang that executed the MOVEit-Zellis supply chain hack, has commenced making extortion demands of some big name U.S. federal agencies, in addition to global corporations.

Related: Supply-chain hack ultimatum

The nefarious Clop gang initially compromised MOVEit, which provided them a beachhead to gain access to Zellis, a UK-based supplier of payroll services. Breaching Zellis then gave them a path to Zellis’ customer base.

According to Lawrence Abrams, Editor in Chief of Bleeping Computer, the Clop ransomware gang began listing victims on its data leak site on June 14th, warning that they will begin leaking stolen data on June 21st if their extortion demands are not met.

Among the victims listed were Shell, UnitedHealthcare Student Resources, the University of Georgia, University System of Georgia, Heidelberger Druck, and Landal Greenparks.

As for federal agencies, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed breaches due to this vulnerability. “CISA is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” said Eric Goldstein,

GUEST ESSAY: The key differences between ‘information privacy’ vs. ‘information security’

By John Bruggeman

Information privacy and information security are two different things.

Information privacy is the ability to control who (or what) can view or access information that is collected about you or your customers.

Privacy controls allow you to say who or what can access a database of customer data or employee data.

The rules or policies you put in place to make sure information privacy is maintained are typically focused on unauthorized disclosure of personal information.

Controls need to be in place to protect individuals’ privacy rights, including, often, their right to be forgotten and be deleted from your company database.

Here are a few examples of demographic data that in combination with sensitive data makes it Personally Identifiable Information (PII).